While it approaches the compliance deadline, HLL is making use of its Y2K conversion exposure to spread awareness rather than leveraging it as a competitive advantage. In conversation with Jayshree Bose, Lalit Sawhney, head, information systems, HLL -- who is also chairman of the Confederation of Indian Industry's (CII) core group on Y2K -- shares crucial experiences and opinions on the massive Rs 15-crore operation, the people problem, certification -- and critical missions to concentrate on at the eleventh hour.

Now that realisation has set in that the Y2K menace is not just a foreign exchange earning opportunity forIndia, but very much a domestic problem to be tackled at the highest level, is the government taking steps to combat the threat?

Till recently, there was very little action on this front. However, with the spread of awareness, what began as a move in government circles recently is snowballing into a virtual movement. There is a lot that is happening now.

At a CII seminar held in Delhi on June 19, 1998, the Department of Electronics (DoE) secretary acknowledged that it indeed was as much a problem as an opportunity for India. And with DoE being the nodal agency for all IT-related activity in India, this has to be seen as a major step forward. The DoE secretary has written to secretaries of both the central government departments and state governments to take full cognisance of the problem. On its part, the prime minister's Task Force on Information Technology (IT) has recommended the setting up of a Rs 700-crore fund to help government departments themselves to tackle the threat of the Millennium Bug.The ministry of information and broadcasting is unleashing an awareness campaign in the media, followed up by a website exclusively on the Y2K. And this is not all. The DoE is conducting Y2K-related courses separately for the manufacturing industry and for the banking and insurance sector at Noida near Delhi. Of course, the CII continues with its efforts by holding a series of seminars throughout the country.

But all visible concern and activity seems to be in the private corporate sector and banks.

I wouldn't agree with that. It is also a fact that many public sector units are now concerned about implementation -- with good reason. The joint secretary, power, had a long discussion with me about the implications of Y2K on the power sector in India. Now, we cannot rule out negative implications. For example, sealed energy meters installed in customers' premises, which record maximum energy demand, are digital. Power distribution companies and state electricity boards which are complacent about thebug problem may well face the danger of incorrect readings, and, in turn, incorrect estimates of projected demand. Not only would this lead to a massive power shortfall for the customer, but also reduce the cash flows of these companies.

Consider this: Hindustan Lever (HLL), which does not generate too much power itself, shares the same concern as the National Thermal Power Corporation (NTPC) which generates 17,000mw. And that is because both use boilers. We at HLL have detected glitches in almost all the hardware and software which operate process control equipment for boilers, faults that we have now rectified. Everyone, including the NTPC top management realises that NTPC's case could be no different. The point is that no industry or company whether in the public or the private sector, with any degree of automation, can ignore the problem. And this the government realises now.

There are still pockets of scepticism which dismiss the Y2K danger as less for real and more a result of hype. Yourcomments.

The conclusions about the hazards facing various industries have all been drawn after rigorous tests. Consider just one general survey: a recent test of 500 basic input-output systems (BIOS) conducted by Greenwich Mean Time Inc, West Sussex did some ominous fact-finding. One, 93 per cent of pre-1997 PCs failed the Y2K test. Secondly, 47 per cent of PCs manufactured as recently as 1997 failed, too. The third conclusion was that 21 per cent of the development tools themselves could create non-compliance. Then again, it was found that 28 per cent of BIOS systems were actually non-compliant.Ideally,therefore, there should be two concurrent streams of research. One should concentrate on the compliance aspect, no doubt. The other should put in effort to come up with conclusive and irrefutable evidence that the danger is not for real. Just think of how beneficial it would be for the world in general if one could come up with some such evidence. But till such time as we do that, we cannot afford topresume that it is not for real.

As one of the few corporates in India which began early and is now approaching its Y2K compliance deadline, how did HLL go about the whole exercise?

We, in the infotech department, first started two-and-a-half years ago, after convincing the senior management about the seriousness of the issue. We set for ourselves a compliance deadline -- October 1998. We will adhere to this, so that this gives us enough time to go ahead with the testing. When we started with the initial tests, we came to the conclusion that the legacy solutions, which were old inherited systems, were neither properly documented nor compliant. Some were in Cobol, some were in X-base/Clipper or were Foxpro-based, which is the case in many companies.

In fact, much of what we touched seemed to have glitches. Fortunately, our ERP solution -- MFG-PRO -- which formed a major part of our IT strategy -- could be made fully compliant with minor patches, and we are in the process of doing that now. A morethorough test revealed that the add-on programmes we had written to work with MFG-PRO needed fixing. As part of our GAP Analysis, we also took each application and tested it in each division such as personal products, detergents. The foods division revealed the highest degree of non-compliance.

Not all non-compliant applications had to be scrapped, though, and we categorised them on the basis of the four R's: Retire obsolete or non-critical applications, Replace existing faulty software by a compliant package, Rewrite the entire system using internal or external sources and Repair systems which can be repaired.

We also did a follow-up, sending auditors to certify that what had to be retired was indeed being retired at our IT centres. The other backup was in the form of training sessions and seminars. You see, while most of the work was done on the basis of the IT department's knowledge of the company's systems, the department did not then know enough about the level of compliance as far as its suppliers,customers, etc., were concerned. We organised awareness seminars for different in-house divisions and functions such as sales, purchase, finance, etc, as also our external dependencies such as suppliers and customers, with the help of Infosys Technologies, which has acquired global exposure to the Y2K problem.

Which stage of the exercise are you now in and when do you begin the testing process?

We are now at the final stages of the seventh stage -- execution -- in a nine-step exercise which cost us Rs 15 crore. After October 1998, we will keep conducting tests on an ongoing basis.

This is the most difficult part of the exercise since the tests differ from case to case. For example, some systems have a price discount application after a particular date while others track details about sundry debtors. Given the challenge, our management committee will be supervising the testing exercise at our biggest manufacturing facility at Sewree (in Mumbai). We have launched a massive verification exercisecovering 58 suppliers at 62 factories which shows high levels of awareness amongst them, as well.

Incidentally, we have now come to know that MFG-PRO will be conducting further tests, which are scheduled to be completed only in the first quarter of 1999. I will be meeting the R&D people in the US shortly to get to know about their plans, which we will incorporate in our own testing exercise where necessary. However, our own deadline will remain October 1998.

Such a massive clean-up exercise must have posed problems. I am referring specifically to the shortage of trained hands.

One problem that comes immediately to my mind was that with the IT network running into around 340 locations, and with more than 20 locations connected by the wide area network, we realised that a single problem could infect the network. So, we had to extra careful.

Then, of course, there was the people problem. Since deploying too many in-house IT people would have hindered the regular operations of the company, we hadto outsource professionals. Here, we preferred to hire the services of those who had developed the original applications as far as possible.

They were hired and trained and sent to sites for an inventory. The logistics of imparting training good enough for them to churn out a consistent inventory was another challenge. As far as the larger consultancies are concerned, it made better sense to use their expertise at awareness seminars -- even Rs 1 lakh per session was worth it.

Here, let me point out that a major problem that would be faced by any company going in for Y2K conversion is the dearth of trained personnel caused by the massive exodus from India to the US -- its a classic case of what one would call "darkness underneath light."

The compliance exercise does have a positive side-effect, doesn't it? Any company that takes up this work seriously will have done a very intensive documentation of all its systems and identified all outdated versions that require updating.

Yes. This will giveus an excellent documentation of our IT assets inventory. In addition to this, our software applications would be cleaned up (we have discovered bugs not related to this problem) and standardised (which will reduce the cost of support since we will have less variety to handle). Even if Y2K was not such a crucial survival issue, just the benefit of documentation and robust standardisation would be worth the effort.

One crucial issue worth noting is that compliance can be regarded as total only when you are able to ensure compliance on the part of your vendors, banks, etc, to avoid the cascading effect. Has HLL been able to set a deadline to that?

Although it has not been possible to set deadlines for our banks, supply chain partners, etc., our banks like Citibank, ANZ Grindlays, Hongkong & Shanghai, State Bank of India and others have all confirmed that they are working at keeping to deadlines set between July to December 1998 -- it stands to reason that banks, with their heavy dependence on onlinesystems and their need for accurate reading of dates, will take up the compliance exercise themselves in a big way even in India. Our suppliers, as I have said, are also moving into it fast with the help of our consultants. Needless to say, how tough we can get about their deadlines will largely depend on how critical each supplier is for us. We could change suppliers or even import in the worst case scenarios. But it may not come to that. That's because peer pressure works effectively in most cases.

In the absence of proper certification facilities, how does one know whether a software being outsourced is Y2K compliant or not?

There are no site certification facilities in India. However, leading software companies are offering software certified by Info Techno Association of America (ITAA), the IT industry's leading trade group on the Y2K software conversion issue.

This is similar to ISO 9000. Incidentally, this certification has to be publicised if organisations are to make use of them.

Aspart of my responsibility as chairman of a CII core group on the Y2K, we are in dialogue with MAIT and Nasscom to ensure that IT vendors and service providers can start advertising products that are Y2K-ready.

What about the smaller companies with low Y2K budgets? How would they prioritise, keeping in mind the constraints of time and finance?

The challenges faced by smaller organisations with a high degree of computerisation would be totally different. Fewer IT people, low documentation and awareness, small budgets coupled with short deadlines must make the problem seem insurmountable to them.

So, should one just feel scared and do just nothing? I don't think so.

The best option now would be to concentrate only on critical missions like those systems which affect cash flows, connect online with other organisations, and above all, affect the safety of human beings.